Microsoft Secure – Protecting from Evolving Security Threats Part 1
Cloud computing, mobile devices, the Internet of Things, and the increasing digitization of information and processes in a hybrid computing environment present new challenges to securing data and information. The cyber-threat landscape of today requires an ongoing and relentless focus on security, especially when considering that many current government security, privacy and compliance policies were developed in an on-premises only environment, and where regulation and policy traditionally lag innovation. That’s why we’re using this blog to kick off an ongoing series on security for government agencies.
Citizens expect always-on secure, mobile, smart phone enabled digital services connected to massive hyper-scale clouds and telco bandwidth. Securely delivering these same capabilities to agency information workers and citizens can be challenging, given the average time between breach and detection is typically over 140 days. To put that into context: on average, an attacker exists within a company’s or agency’s infrastructure—free to gather information or worse—for almost four-and-a-half months before being found. It’s not that agencies aren’t employing security best practices but the reality is all the protection in the world can’t stop a determined hacker.
What agencies need to do is shift their focus from a protection-only approach to include equal, if not more, focus on detection after the fact so that they can get the 140 days down to minutes between infiltration and detection. They need to take an “assume breach” mentality. When you approach security as if your environment has already been compromised, you start thinking about how to detect compromises early and recover quickly. Shifting from passive-defense to active-defense changes your security posture—you’re aware, you’re prepared, you’re ready to act.
At Microsoft, we’ve evolved beyond point solutions that address individual security concerns one product at a time and are using machine learning to identify and detect issues early and accurately using an assume breach approach. Our “built-in” security methods now enable you to be vigilant from a high level on all fronts. For example, when a new software-as-a-service app is being used by your employees, you can detect it immediately and get data about what risks and threats it may pose to your agency.
Microsoft has a vast cyber footprint. We receive anonymized telemetry from billions of logins, devices and services, on both private and public clouds. Combining that with machine learning, behavioral inspection and expert human analysis, we can detect and respond to what looks like anomalous behaviors and incorporate that to prevent a potential threat. This intelligence is built into our products and solutions to give you visibility and insights into potential compromises. Our cybersecurity experts in the Digital Crimes Unit and the Cyber Defense Operations Center monitor all this information to identify real threats. This combination of machine learning and human vigilance equals holistic protection.
To help government agencies protect their data from these new and emerging threats, we have capabilities that can be used in concert with existing security solutions. Please stay tuned for our next blog in this series, focusing on Windows 10 security. In the meantime, feel free to take advantage of the following Microsoft resources as part of your agency’s ongoing and relentless focus on security:
- Agencies can start protecting against identity compromise with an enterprise-grade, identity-driven security solution:
- Discover, control and protect cloud applications:
- Protect against data leakage:
- Protect against malware and phishing attacks:
- Respond to compliance and security incidents: